Abyss
You must login to view this content
Aggregator
美国智库概述打造未来美国网络部队的整体框架
3 months ago
美国智库提出组建独立网络军种的具体计划和路径
超1.6亿条记录!黑客组织声称窃取越南全国公民信用数据
3 months ago
越南方面尚未回应
Ukrainian Ransomware Fugitive Added to Europe’s Most Wanted
3 months ago
US offers $11m as LockerGoga ransomware suspect becomes one of Europe’s most wanted men
Возможно, мы уже нашли жизнь на Марсе. Но никогда не узнаем правду... ведь так дешевле
3 months ago
Зонд Perseverance нашёл крайне интересные минералы. Неужели никто не заберёт их домой?
Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts
3 months ago
Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data.
The malvertising campaign, per Bitdefender, is designed to push fake "Meta Verified" browser extensions named SocialMetrics Pro that claim to unlock the blue check badge for Facebook and Instagram profiles. At least 37 malicious ads
The Hacker News
火山引擎多媒体实验室重要突破!LiveGS 技术登榜 SIGGRAPH,重新定义移动端自由视角视频直播
3 months ago
Are cybercriminals hacking your systems – or just logging in?
3 months ago
As bad actors often simply waltz through companies’ digital front doors with a key, here’s how to keep your own door locked tight
Senator Calls for FTC Investigation into Microsoft’s Use of Outdated RC4 Encryption and Kerberoasting Vulnerabilities
3 months ago
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to investigate Microsoft for what he terms “gross cybersecurity negligence,” accusing the tech giant of knowingly shipping its Windows operating system with a dangerously outdated form of encryption that has enabled devastating ransomware attacks on U.S. critical infrastructure, including major healthcare systems. In […]
The post Senator Calls for FTC Investigation into Microsoft’s Use of Outdated RC4 Encryption and Kerberoasting Vulnerabilities appeared first on Cyber Security News.
Guru Baran
NPM 软件供应链安全事件
3 months ago
作者:维一零
原文链接:https://weiyiling.cn/one/multi_npmjs_hijack_review
0x00 前言
这2天NPM仓库又遭受严重的供应链攻击,看起来性质和LedgerHQ库的事件差不多,目的也是盗窃加密货币。虽然这次并没有成功盗取到币,但是影响范围巨大,目前至少已发现了24款核心库被黑,包括chalk和debug等知名的JS库,这些库每周有着超过20亿...
4 года под носом у Apple. Опасный бэкдор спокойно жил в macOS с официальной подписью
3 months ago
ChillyHell всё ещё процветает и продолжает портить жизнь пользователям по всему миру.
LNER Reveals Supply Chain Attack Compromised Customer Information
3 months ago
Government-run train operator LNER has revealed details of a supplier data breach
小红书被要求限期整改
3 months ago
网信办在一份简短声明中宣布以女性为主的社交应用小红书被要求限期整改。“针对小红书平台未落实信息内容管理主体责任,在热搜榜单重点环节频繁呈现多条炒作明星个人动态和琐事类词条等不良信息内容,破坏网络生态问题,国家网信办指导上海市网信办,依据《网络信息内容生态治理规定》等有关规定,对小红书平台采取约谈、责令限期改正、警告、从严处理责任人等处置处罚措施。”
CVE-2025-8417 | Catalog Importer, Scraper & Crawler Plugin up to 5.1.4 on WordPress eval code injection
3 months ago
A vulnerability was found in Catalog Importer, Scraper & Crawler Plugin up to 5.1.4 on WordPress. It has been classified as critical. Impacted is the function eval. Performing manipulation results in code injection.
This vulnerability is cataloged as CVE-2025-8417. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-0763 | Ultimate Classified Listings Plugin up to 1.6 on WordPress Setting save_custom_fields custom authorization
3 months ago
A vulnerability identified as critical has been detected in Ultimate Classified Listings Plugin up to 1.6 on WordPress. This impacts the function save_custom_fields of the component Setting Handler. This manipulation of the argument custom causes missing authorization.
This vulnerability appears as CVE-2025-0763. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-8423 | My WP Translate Plugin up to 1.1 on WordPress mtswpt_remove_plugin authorization
3 months ago
A vulnerability labeled as critical has been found in My WP Translate Plugin up to 1.1 on WordPress. Affected is the function mtswpt_remove_plugin. Such manipulation leads to missing authorization.
This vulnerability is traded as CVE-2025-8423. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-8392 | Mitfahrgelegenheit Plugin up to 1.1.5 on WordPress Date cross site scripting
3 months ago
A vulnerability classified as problematic was found in Mitfahrgelegenheit Plugin up to 1.1.5 on WordPress. This vulnerability affects unknown code. The manipulation of the argument Date results in cross site scripting.
This vulnerability was named CVE-2025-8392. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2025-8425 | My WP Translate Plugin up to 1.1 on WordPress ajax_import_strings authorization
3 months ago
A vulnerability, which was classified as critical, has been found in My WP Translate Plugin up to 1.1 on WordPress. This issue affects the function ajax_import_strings. This manipulation causes missing authorization.
The identification of this vulnerability is CVE-2025-8425. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-8316 | Certifica WP Plugin up to 3.1 on WordPress evento cross site scripting
3 months ago
A vulnerability was found in Certifica WP Plugin up to 3.1 on WordPress and classified as problematic. The impacted element is an unknown function. Executing manipulation of the argument evento can lead to cross site scripting.
This vulnerability is tracked as CVE-2025-8316. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2025-8422 | Propovoice Plugin up to 1.7.6.7 on WordPress send_email information disclosure
3 months ago
A vulnerability was found in Propovoice Plugin up to 1.7.6.7 on WordPress. It has been rated as problematic. Affected is the function send_email. This manipulation causes information disclosure.
This vulnerability is registered as CVE-2025-8422. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com